package itheima02;

import utils.JDBCUtil;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;

/*
    JDBC模拟用户登录
    步骤:
        1.获取页面数据
        2.获取数据库连接Connection对象
        3.Connection对象获取执行sql语句的Statement对象
        4.Statement对象执行查询,获取结果
        5.处理结果,给页面响应信息回去
        6.关闭资源
    注意:
        SQL注入攻击:
        使用+拼接sql语句,存在安全隐患: 用户输入中的单引号会提前结束字符串,后面可以再拼接一个or并写上永远成立的条件,
        由于and的优先级高于or,整个where条件恒为真,使得sql语句前面的所有条件都失效了
        比如:
            用户名: admin
            密码: fejowjfwofew' or '1'='1
            select * from users where uname='admin' and upass='fejowjfwofew' or '1'='1'
        解决:
            使用PreparedStatement和?占位符绑定参数,不要把用户输入拼接进sql语句


 */
/*public class Demo02JDBCLogin {
    public static void main(String[] args) throws Exception {
        //1.获取页面数据
        Scanner sc = new Scanner(System.in);
        System.out.println("请输入用户名: ");
        String uname = sc.nextLine();
        System.out.println("请输入密码: ");
        String upass = sc.nextLine();

        //2.获取数据库连接Connection对象
        Connection con = JDBCUtil.getConnection();

        //3.Connection对象获取执行sql语句的Statement对象
        Statement stmt = con.createStatement();

        //定义sql语句
        String sql = "select * from users where uname='"+uname+"' and upass='"+upass+"'";

        System.out.println(sql);
        //4.Statement对象执行查询,获取结果
        ResultSet rs = stmt.executeQuery(sql);

        //5.处理结果,给页面响应信息回去
        if(rs.next()) {
            System.out.println("登录成功~~");
        } else {
            System.out.println("登录失败~~~~");
        }
        //6.关闭资源
        JDBCUtil.release(con,stmt,rs);
    }
}*/

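/**
 * Console demo of a JDBC login check against the {@code users} table.
 *
 * <p>The user name and password are read from standard input and are untrusted. They are bound
 * as parameters of a {@link PreparedStatement} instead of being concatenated into the SQL text,
 * so quote characters in the input cannot change the structure of the query.
 */
public class Demo02JDBCLogin {
    /** Login query made of placeholders only; user input never becomes part of the SQL text. */
    private static final String LOGIN_SQL = "select * from users where uname=? and upass=?";

    /**
     * Reads a user name and password from standard input and prints whether a matching row exists.
     *
     * @param args unused
     * @throws SQLException if obtaining the connection, preparing or running the query fails
     */
    public static void main(String[] args) throws SQLException {
        // 1. Read the credentials. A single Scanner is used for both lines: a second Scanner on
        //    System.in can miss input that the first one has already buffered.
        Scanner scanner = new Scanner(System.in);
        System.out.println("输入用户名:");
        String uname = scanner.nextLine();
        System.out.println("输入用户密码:");
        String upass = scanner.nextLine();

        // 2. Obtain the database connection.
        Connection connection = JDBCUtil.getConnection();

        // 3. Prepare the statement and bind both values as data, not as SQL.
        PreparedStatement statement = connection.prepareStatement(LOGIN_SQL);
        statement.setString(1, uname);
        statement.setString(2, upass);

        // 4. Run the query.
        // NOTE(review): upass is compared directly in SQL, which suggests the table stores
        // plaintext passwords — confirm. A real system would store a salted password hash
        // (bcrypt/scrypt/argon2) and verify it in application code.
        ResultSet resultSet = statement.executeQuery();

        // 5. Any returned row means the credentials matched.
        if (resultSet.next()) {
            System.out.println("登录成功~~");
        } else {
            System.out.println("登录失败~~");
        }

        // 6. Release the JDBC resources.
        // NOTE(review): as in the original, this is reached only on the success path; moving it
        // into a finally block requires JDBCUtil.release to accept null arguments — confirm.
        JDBCUtil.release(connection, statement, resultSet);
    }
}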